Nginx: Difference between revisions
Bmnascimento (talk | contribs) It was missing the "virtualHosts.localhost" part, making the config file invalid. |
WomboCombo (talk | contribs) m Documented configuration of nginx modules and where to find the module definitions. |
||
| (4 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
[https://nginx.org/ {{PAGENAME}}] ([[wikipedia:en:{{PAGENAME}}]]) is a lightweight webserver. | [https://nginx.org/ {{PAGENAME}}] ([[wikipedia:en:{{PAGENAME}}]]) is a lightweight webserver. | ||
== Installation == | |||
To install Nginx, add the following to your NixOS configuration:{{file|/etc/nixos/configuration.nix|nix|3=services.nginx.enable = true;}} | |||
More options are available: {{nixos:option|services.nginx.}} | |||
== Sample setups == | == Sample setups == | ||
| Line 31: | Line 35: | ||
}; | }; | ||
}; | }; | ||
# Optional: You can configure the email address used with Let's Encrypt. | |||
# This way you get renewal reminders (automated by NixOS) as well as expiration emails. | networking.firewall.allowedTCPPorts = [ 80 443 ]; | ||
security.acme = { | |||
# Accept the CA’s terms of service. The default provider is Let’s Encrypt, you can find their ToS at https://letsencrypt.org/repository/. | |||
acceptTerms = true; | |||
# Optional: You can configure the email address used with Let's Encrypt. | |||
# This way you get renewal reminders (automated by NixOS) as well as expiration emails. | |||
defaults.email = "youremail@address.com"; | |||
}; | }; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
| Line 278: | Line 287: | ||
systemd.services.hedgedoc.serviceConfig.UMask = "0000"; | systemd.services.hedgedoc.serviceConfig.UMask = "0000"; | ||
</syntaxhighlight> | </syntaxhighlight> | ||
== Modules == | |||
Nginx can be run with optional modules. You can add them like this: | |||
services.nginx.package = (pkgs.nginx.override { modules = [ | |||
pkgs.nginxModules.dav | |||
pkgs.nginxModules.lua | |||
... | |||
]; }); | |||
See [https://github.com/NixOS/nixpkgs/blob/master/pkgs/servers/http/nginx/modules.nix#L69 this] for a more comprehensive list of modules available via configuration. | |||
== Let's Encrypt certificates == | == Let's Encrypt certificates == | ||
| Line 437: | Line 456: | ||
services.nginx.package = pkgs.nginxStable.override { openssl = pkgs.libressl; }; | services.nginx.package = pkgs.nginxStable.override { openssl = pkgs.libressl; }; | ||
</syntaxHighlight> | </syntaxHighlight> | ||
== Extra config == | |||
Apart native options, Nix allows to specify verbatim Nginx configuration. Some options are mutually exclusive. | |||
Below table assumes "services.nginx." prefix for all options. These options allows to keep using Nix configuration file while taking advantage of Nginx features which are not representend in options. | |||
{| class="wikitable" | |||
|+ | |||
!Options | |||
!Block | |||
!Behaviour | |||
|- | |||
|config | |||
|nginx.conf | |||
|Verbatim <code>nginx.conf</code> configuration | |||
|- | |||
|appendConfig | |||
|nginx.conf | |||
|Lines appended to the generated Nginx configuration file | |||
|- | |||
|httpConfig | |||
|http block | |||
|exclusive with the structured configuration via virtualHosts | |||
|- | |||
|appendHttpConfig | |||
|http block | |||
|lines appended. exclusive with using config and httpConfig | |||
|- | |||
|virtualHosts.<name>.extraConfig | |||
|server | |||
|These lines go to the end of the vhost verbatim. | |||
|- | |||
|virtualHosts.<name>.locations.<name>.extraConfig | |||
|server | |||
|These lines go to the end of the location verbatim | |||
|} | |||
== See more == | == See more == | ||